- From: Robin Berjon <robin@robineko.com>
- Date: Mon, 5 Oct 2009 18:04:44 +0200
- To: "Nilsson, Claes1" <Claes1.Nilsson@sonyericsson.com>
- Cc: "'public-device-apis@w3.org'" <public-device-apis@w3.org>

Hi,

On Oct 5, 2009, at 14:34 , Nilsson, Claes1 wrote:

> I am considering the following: Web applications, for example social
> network services, often require secrets, “credentials” to get
> access to service APIs. If these credentials are stored in the
> application html or JavaScript code then they are easily accessible
> and can be misused. To protect these credentials it would be useful
> if the FileSystem API provides a secure storage and management of
> credentials.

Are you thinking about API keys, like for Twitter or Flickr, or about a different sort of credential?

> What about adding a requirement that says:
>
> “SHOULD provide secure storage and management of credentials.”

Is that expected to be, say, an encrypted volume? I'm not sure I fully understand the level of security you are looking for here, could you provide a concrete case of an application using this functionality, and how it contrasts with one that doesn't (it doesn't need to be very complex)?

--
Robin Berjon
robineko — setting new standards
http://robineko.com/

Received on Monday, 5 October 2009 16:05:14 UTC